Severity
High
Analysis Summary
WinPot ATM malware has affected more than 120 ATMs, and the number of affected victims is growing. Jackpotting commonly refers to attacks in which cybercriminals force an automated teller machine to spew out money. WinPot can make the “ATM game” a sure-fire win, which could explain the first part of the name. The software helps criminals pick and empty the ATM’s most lucrative cash-dispensing cassette. The windows of its slot-machine-style interface display each cassette’s bill denomination and the number of bills inside the cassette. All the mule needs to do is select the cassette with the most money in it and press Spin. The Scan button can be used to recount the bills. WinPot’s creators also provided an emergency Stop button to help the mule cut the payout short before raising suspicions.
Impact
- ATM turns into a slot machine
- Financial loss
Indicators of Compromise
Remediation
- Block the threat indicators at their respective controls.
- Activate text-message notifications about withdrawals and transfers.
- Keep all software associated with transactions updated to the latest patched versions.